Slashdot Mirror
Huawei's Equipment Poses 'Significant' Security Risks, UK Says (cnbc.com)
The U.K. government warned on Thursday Huawei's telecommunications equipment raises "significant" security issues, posing a possible setback to the Chinese tech firm as it looks to build out 5G networks. From a report: In 46-page report evaluating Huawei's security risks, British officials stopped short of calling for a ban of Huawei's 5G telecommunications equipment. But the assessment cited "underlying defects" in the company's software engineering and cybersecurity processes, citing "significantly increased risk to U.K. operators." The findings give weight to warnings from U.S. officials who have argued Huawei's networking equipment could be used for espionage by the Chinese government. Huawei has repeatedly said it does not pose any risk and insists it would not share customer data with Beijing. In a statement Thursday, Huawei said it takes the U.K. government's findings "very seriously."
And it continues. Even if Huawei earnestly means that they won't collaborate with Beijing, when your engineering security is so lax then it seems reasonable to expect that Beijing will find ways to make use of it (just like any other large government would).
It's just another example of corporate balances not finding a decent center for security versus productivity and profit. We all still have a long way to go.
And it continues. Even if Huawei earnestly means that they won't collaborate with Beijing, when your engineering security is so lax then it seems reasonable to expect that Beijing will find ways to make use of it (just like any other large government would).
It's just another example of corporate balances not finding a decent center for security versus productivity and profit. We all still have a long way to go.
With all this calling out of Huwei, it sounds suspiciously like the US security agencies found a specific back-door planted in the products, want to alert everyone to the issue, but also don't want to make the vulnerability public so they can use it for themselves.
How does it compare to the competition? It's not like there's been too much of a stellar privacy and security conscious record in the whole industry...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
"Told ya' so." -- America
Buy US gear because then the US can use them backdoors in there.
Chinese gear has no US-compatible backdoors.
Distortion...
If I were driving Hauwei at this point I would open-source all the software running on my devices. Their competitive edge is in slave-labor manufacturing and insane levels of customer financing, not technical innovation.
Of course they would still have to address the possibility of silicon or FPGA based backdoors but that might be worked out in a similar way.
So if Huawei is compromised by the Chinese government because it is based in China, who could compromise the other network equipment manufacturers? According to Wikipedia:
Avaya, Cisco, Hewlett Packard, Juniper, Motorola, and Qualcomm: USA.
Ericsson: Sweden.
Fujitsu and NEC: Japan.
Nokia: Finland.
ZTE: China.
It seems ZTE is similarly disliked by the US government, while the others are either American or controlled by US allies.
Remember when the UK supported the US fantasy of WMD in Iraq?
The US says "jump". The UK government asks "how high?"
Enjoy life! This is not a dress rehearsal.
warnings from U.S. officials
Because Chinese lap dogs are cuter than British.
Have gnu, will travel.
US kit was developed by a few engineers from the US but mostly immigrants/HB2s from India, China, UAE, etc., with source and schematics stored on networks run by Somali and Nigerian admins.
Huawei kit was developed by engineers from China.
So do you want you network kit to be hackable by everyone or just China?
That said, the Chinese kit was probably built using schematics and source stolen from US companies so it is probably hackable by everyone as well.
Captcha: betrayed
They have been the mole and lapdog of the US in the EU since the beginning.
Always demanding special treatment, always vetoing decisions with its extra-special veto power.
So much so, that I think the Brexit would actually be a pro-EU thing. ;)
So now Trump got them to toe the line. Probably by finding (or "finding") some dirt.
Let's see if the rest of the EU stays strong and says "no", like they recently said for the very first time, thanks to Trump, or if there's dirt on them too.
It would be funny, if they used actual proven spying on Merkel's phone, to get her to back banning Huawei for alleged spying. ^^
Oh and dear Americans: This criticism goes solely against those parts ofthe US people, that harm us. Not against you. In fact, those same people harm most of you just as much from what I can tell.
Cisco is not directly tied to a dictatorship government that requires obedience, and will pass any and all stolen information directly to their military for use against anyone and everyone.
It's all bad.
Anybody thinking they can buy non-compromised telco equipment is kidding themselves. That is why anybody with a clue insists on end-to-end encryption and is aware that it is obvious who talks to whom to the usual creeps (NSA, GCHQ, etc...)
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Again, not all "creeps listening in" are EQUAL. China's APT groups want to destroy and destabilize the west, Europe, all of it. If the NSA listens in on you, unless you're a terrorist suspect already, nothing will happen.
When China targets millions of people just for their ethnicity alone, that's not the same thing now is it? Stop equivocating and obfuscating.
I guess that it's best to stick with Cisco then. Can't imagine that any of their kit would report back to CIA?!
Stating that Huawei has significant shortcomings is fine, but it can have a VERY detrimental effect if you don't also review the same facts for all their available competitors in the same space.
Who else is producing 5g infrastructure hardware today? Motorola? Cisco? Someone else? What are their security practices like? Is it more or less secure using single or multivendor rollouts? How will it be handled if not using huawei's equipment causes similar security shortcomings with another country who finds it economically advantageous to hack/screw them? Oracle and Juniper have both been intentionally backdoored, so even if Huawei is insecure at this time, are the alternatives really any better? Maybe it is time to force ALL infrastructure software to be open source and well documented, so purchasing nations can bugfix, secure, or audit the code publicly themselves.
The new U.K. government said it "does not believe that the defects identified are a result of Chinese state interference." Instead, it blamed "poor software engineering" and a lack of "cybersecurity hygiene." In other words, Huawei's networks could be exploited by a "range of actors," not just the Chinese government.
Raise your hand if you have not made a single bug in your career. Raise your hand if you know of any software company having zero bug or defect.
You must be new here or simply insane if you are so far to Amimojos left that you would go there.
UK always says whatever the cousins ask form them.
I just wonder what the Huawei story is really about. I am sure it is money and power but the details are probably very juicy.
One flaw with your analysis: there are almost no US companies that make similar equipment. At most, you have a Cisco or something that produces a small subsegment of the Huawei portfolio. Even the Pentagon, when talking about 5G, essentially says that the only alternatives are European suppliers like Ericsson or Nokia.
The US only warned about security risk from Huawei equipment.
They did NOT say that their equipment was more secure.
They did NOT say to buy their equipment instead.
Furthermore the European states do not single out Huawei. They do put all competitors under the same scrutiny.
This of course makes your statement a nonsensical deflection also known as Russian logic.
We don't have any proof of it, but we can assume that ALL governments have some kind of "deals" with any major hardware maker, and if they don't want to play ball with who we call our "friends" today, then they're the evil ones, as always.
Huawei is only being targeted because they're so big, and it's a Chinese manufacturer, and a real threat to Apple and other major players elsewhere. It's a dirty game, but they're playing it against them because the "why not" factor, it's a dirty political game, nothing new - but consider the following, in case it was true:
Almost every component known to man, is being produced in China these days, complete chips - take the ever so popular ESP8266, ESP 32 and many other all-in-one chips that provide complete communication solutions, these chips are found inside millions of devices ALL over the world, and could very easily sport a back-door or two to sniff on the networks they serve (I'm in NO WAY accusing them of this), but if you were to point out someone just because they're an apparent product that everyone knows, you'd target the most obvious one that is known and popular with the population.
Nothing of this means that ANYONE have implemented backdoor technology that's widely available to any government, we KNOW of the ME inside the INTEL processors, and yet they're basically everywhere, also in China - so why don't we hear a public uproar against that then? Because we're the good guys? Says who?
You can pretty much assume that any mass produced hardware can be abused in one way or another, whether that was intended or not, that's an entirely different debate. I'm just getting SO sick and tired of these political FUD games that should be SO apparent to ANYONE thinking about it for just more than a few minutes. Stop buying into the FUD, buy what you want - and be smart about your personal safety instead.
If you truly want to know - get god at it, learn to code, learn to reverse engineer, get knowledge instead of walking into a cloud of populist hearsay, fake news and whatnot.
What this world is coming to - is for you and me to decide.
Anything, and it is tainted by the rest of the utter shit that is going on with the mess that is parliament.
Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
Huawei's Equipment Poses 'Significant' Security Risks, said the wolf
Huawei's equipment poses a 'significant threat' but so does all other hardware you asshats want to kvetch over.
There are certain folk with a specific set of skills able to utilize the vulnerabilities in all your hardware in order to bypass the state press.
Currently the state press is the control factor that keeps the people in the dark about the great sins of their own nations.
Let's introduce malware to this scenario. Now you statist fucks have ZERO control over the messaging. Instead, people like me do.
I know you are like children, a bunch of fucking morons, while people like me ensure this shit show stays together. But I've had just about enough of your low level games. Let's increase the stakes. I call you bluff. Make your move.
A lot of the critical telecommunication infrastructure is already made up of Huawei products (TLC hardware, networking equipment, end-user phones and modems), and has been since the 2000s. Huawei could already spy the heck out of us if this were their secret mission. I don't understand why it's only now, with 5G tenders in sight, that they've become a problem.
Looks like US intel world is sharing with our allies. Long past time to show the many backdoor that Chinese companies are leaving in.
I prefer the "u" in honour as it seems to be missing these days.
Wow, the UK, which is allied with the US against China, makes a nebulous claim without any concrete evidence (AFAIK) smearing a company based in the rival country. I am _so_ convinced!
What happened to proof when you gobbled up the Kum Aid of your owner and thinking prompter?
The US is literally spying on ALL the things, and openly and proudly brags about it. So it is amazing, how they still manage to keep up your anticonspiracy theorist reality distortion bubble. Murica, Number One! ;)
Not OP here.
I *did* read them. Yes, it was metadata. And no, you're still wrong, because metadata is actually much more useful than content. You're trying to find patterns. ...
If they wanted content, any old NSL would do. Rubber-stamped by the FISA. Accepted by the government. Cause when you got dirt on everyerone
But not that it was necessary. Employees just spied on their spouses, love interests, etc, since nobody would exactly ask why you'd spy on person x.
Oh, and the rule is that if somebody is a direct target, everybody up to three people removed from him, would get the extended metadata tracking package. That's just about everyone in the US, for your information.
And that's only the NSA!
GCHQ/FiveEyes did of course spy on all US citizens too, as their job. And then shared it with the NSA. Useful workaround, no?
This is just what I remember in under 5 minutes without looking anything up.
So fuck off, anticonspiracy theorist terrorist. You're a traitor to this country, just like the NSA whose human toilet gimp you are.
If we look past minor details like you know, the lack of any proof of security breaches. If it came down to it, I think I'd rather want to send my data to China then the US...
Congratulations. List all the evil things "your" enemy is. And you have a list what "you" are too.
If the Nazis still were in power, you'd argu pro racism, pro eugenics and pro concentration camps. Just with the polarity flipped. And just as extreme and evil.
Hell, I bet you still do!
I see no difference. "Sneaky psychopathic totalitarian assholes that spy on everyone to get leverage amd total control to abuse them and leech on them" fits both the US and Chinese masters.
WindBourne gets told 'secret info' all the time by his 'unnamed sources'. and he's the biggest 'fuckstick' around.
If they found the backdoor and want to use it. It's better for them if everyone has one.
It's more likely they can't put their NSA backdoors in and are having a hissy fit because of it.
Try reading for once silly boy. At least the summary this time.
"But the assessment cited "underlying defects" in the company's software engineering and cybersecurity processes"
And software engineering and security processes are so much better at Cisco, nobody has ever found a backdoor or hard coded password in any of their devices.
On a long enough timeline, the survival rate for everyone drops to zero.
Ah the old out of context quotes appearing in an article specifically designed to make a product or service look bad. The only thing ever reported on Huawei is negative hyperbole. When are we going to see anything on substance. i.e how does this equipment compare to other competing equipment, I am guessing it is all predominantly the same, which is why even though the security review didn't come up roses neither did any of the competing product lines from other vender's.
The US Government has worked for years to get backdoors in to telco equipment, we can't have people installing equipment that doesn't have NSA backdoors in it now can we.